Skip to content

Bump: actions/checkout from v4 to v6 #599

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 7 commits into
base: master
Choose a base branch
from
Open

Bump: actions/checkout from v4 to v6 #599

wants to merge 7 commits into from

Conversation

@Raj-G07
Copy link
Contributor

@Raj-G07 Raj-G07 commented Dec 2, 2025
edited by coderabbitai bot
Loading

Summary by CodeRabbit

  • Chores
    • Updated GitHub Actions workflows to use a newer checkout action version across all continuous integration pipelines.
    • Version bumped to 0.1.0-alpha.71.

✏️ Tip: You can customize this high-level summary in your review settings.

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Dec 2, 2025
edited
Loading

Walkthrough

This PR updates GitHub Actions workflows to use the actions/checkout@v6 action across all workflow files, replacing the previous v4 version. Additionally, the package version is bumped from 0.1.0-alpha.70 to 0.1.0-alpha.71 in both package.json and version.txt.

Changes

Cohort / File(s) Summary
GitHub Actions Workflows Checkout Upgrade
.github/workflows/add-sponsors.yml, .github/workflows/auto-rebase-develop.yml, .github/workflows/build_container.yml, .github/workflows/coderabbit.yml, .github/workflows/dependabot.yml, .github/workflows/docs.yml, .github/workflows/format.yaml, .github/workflows/release-cli.yml, .github/workflows/release.yml, .github/workflows/security.yml, .github/workflows/test.yaml		 Updated actions/checkout from v4 to v6 across all workflow steps; no other changes to configuration, fetch-depth, or surrounding steps
Version Bump
package.json, version.txt		 Bumped version from 0.1.0-alpha.70 to 0.1.0-alpha.71

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

  • Verify all actions/checkout@v4 references have been updated to v6 across all workflow files
  • Confirm version consistency between package.json and version.txt

Possibly related PRs

Suggested labels

nixopus-ci

Suggested reviewers

  • raghavyuva

Poem

🐰 From v4 to v6 we dance,
All workflows get their chance,
Fresh checkouts in the night,
Version bumps shine bright!
Alpha seventy-one takes flight! ✨

Pre-merge checks and finishing touches

✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the primary change - bumping actions/checkout from v4 to v6 across all workflows.
Linked Issues check ✅ Passed The pull request successfully updates actions/checkout from v4 to v6 across all GitHub workflows and increments version numbers as expected.
Out of Scope Changes check ✅ Passed All changes are directly related to the linked issue #594. Version bumps in package.json and version.txt are standard practice for releases.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2ee32bc and a5e1068.

📒 Files selected for processing (13)
  • .github/workflows/add-sponsors.yml (1 hunks)
  • .github/workflows/auto-rebase-develop.yml (1 hunks)
  • .github/workflows/build_container.yml (1 hunks)
  • .github/workflows/coderabbit.yml (1 hunks)
  • .github/workflows/dependabot.yml (1 hunks)
  • .github/workflows/docs.yml (1 hunks)
  • .github/workflows/format.yaml (1 hunks)
  • .github/workflows/release-cli.yml (3 hunks)
  • .github/workflows/release.yml (1 hunks)
  • .github/workflows/security.yml (2 hunks)
  • .github/workflows/test.yaml (1 hunks)
  • package.json (1 hunks)
  • version.txt (1 hunks)
🔇 Additional comments (16)
.github/workflows/test.yaml (1)

34-37: LGTM: actions/checkout v6 upgrade is compatible.

The upgrade from v4 to v6 maintains the same configuration parameters (fetch-depth, ssh-key), which are supported in v6. No breaking changes detected in this transition.

.github/workflows/build_container.yml (1)

30-34: LGTM: actions/checkout v6 upgrade with consistent configuration.

The checkout configuration is preserved correctly in the upgrade to v6.

package.json (1)

1-15: Verify version.txt matches package.json version.

The package.json version has been bumped to 0.1.0-alpha.71. Confirm that version.txt is also updated to the same version for consistency.

version.txt (1)

1-1: Version consistency confirmed.

The version.txt update to v0.1.0-alpha.71 matches the package.json version bump (with standard "v" prefix convention).

.github/workflows/coderabbit.yml (1)

15-16: LGTM: Simple checkout upgrade with no configuration changes.

The v6 upgrade is compatible with the simple usage pattern (no additional parameters).

.github/workflows/auto-rebase-develop.yml (1)

20-24: LGTM: Checkout v6 upgrade with critical git operation parameters preserved.

The v6 upgrade preserves both fetch-depth: 0 (required for rebase history) and token parameter (used for authenticated git operations). Both are supported in v6.

.github/workflows/add-sponsors.yml (1)

15-18: LGTM: Checkout v6 upgrade with ssh-key and fetch-depth preserved.

Configuration parameters are compatible with v6 and appropriately configured for git operations (ssh-key for push, fetch-depth: 0 for commit history).

.github/workflows/release.yml (1)

20-24: LGTM: Checkout v6 upgrade in critical release workflow.

The v6 upgrade preserves essential parameters for release operations: fetch-depth: 0 (for changelog generation) and ssh-key (for authenticated git commits/pushes). Both are fully compatible with v6.

.github/workflows/format.yaml (1)

32-35: ✓ Checkout version upgrade is compatible.

The actions/checkout@v6 action supports the fetch-depth and ref parameters, making this update backward compatible. No breaking changes expected.

.github/workflows/dependabot.yml (1)

12-12: ✓ Checkout version upgrade is compatible.

The basic checkout usage without parameters is compatible with v6.

.github/workflows/security.yml (1)

20-20: ✓ Checkout version upgrade is consistent and compatible.

Both security scan jobs (dependency-scan and secret-scan) properly updated from v4 to v6. The basic checkout usage is compatible with v6.

Also applies to: 37-37

.github/workflows/docs.yml (1)

30-32: ✓ Checkout version upgrade is compatible.

The actions/checkout@v6 action supports the fetch-depth parameter, ensuring compatibility with the existing configuration.

.github/workflows/release-cli.yml (4)

27-30: ✓ Checkout version upgrade is compatible with SSH key authentication.

The ssh-key input parameter is supported in actions/checkout and the fetch-depth parameter is supported in v6, ensuring the build-and-package workflow remains functional.

193-196: ✓ Checkout version upgrade is compatible with SSH key authentication.

The macOS build job properly uses both ssh-key and fetch-depth parameters, which are fully supported in v6.

311-314: ✓ Checkout version upgrade is compatible with token authentication.

The token and fetch-depth parameters are supported in actions/checkout@v6, maintaining compatibility for the release creation job.

1-384: Verify version bumps in package.json and version.txt.

The AI summary mentions that package.json and version.txt were updated from version 0.1.0-alpha.70 to 0.1.0-alpha.71, but these files were not provided in this review. Please confirm these version bump files are included in the PR to ensure completeness of the release versioning.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@Raj-G07
Copy link
Contributor Author

Raj-G07 commented Dec 2, 2025

@raghavyuva If you have a free time ,then review it.

@raghavyuva
Copy link
Owner

raghavyuva commented Dec 2, 2025

Hey @Raj-G07 the PR looks good, but can we make sure it does not affect the original behaviour or has any drawbacks?

@Raj-G07
Copy link
Contributor Author

Raj-G07 commented Dec 2, 2025

v6 is primarily a security, performance, and maintenance update, and it maintains full backward compatibility with v4.

@raghavyuva
Copy link
Owner

raghavyuva commented Dec 3, 2025

@zhravan ready for merge, take a second pair of eye on this

zhravan
zhravan reviewed Dec 4, 2025
View reviewed changes
Copy link
Collaborator

@zhravan zhravan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this should be fine since, this is to checkout to specific workspace, so should be okay.

Please revert changelog.md / package.json / version.txt

@Raj-G07 Raj-G07 requested a review from zhravan December 4, 2025 18:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zhravan zhravan Awaiting requested review from zhravan

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

enhancement: Bump actions/checkout from v4 to v6

3 participants

@Raj-G07 @raghavyuva @zhravan